<?php

if (! defined ( 'BASEPATH' ))
	exit ( 'No direct script access allowed' );
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * @package		CodeIgniter
 * @author		ExpressionEngine Dev Team
 * @copyright	Copyright (c) 2008 - 2011, EllisLab, Inc.
 * @license		http://codeigniter.com/user_guide/license.html
 * @link		http://codeigniter.com
 * @since		Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------


/**
 * CodeIgniter Encryption Class
 *
 * Provides two-way keyed encoding using XOR Hashing and Mcrypt
 *
 * @package		CodeIgniter
 * @subpackage	Libraries
 * @category	Libraries
 * @author		ExpressionEngine Dev Team
 * @link		http://codeigniter.com/user_guide/libraries/encryption.html
 */
class CI_Encrypt {
	
	var $CI;
	var $encryption_key = '';
	var $_hash_type = 'sha1';
	var $_mcrypt_exists = FALSE;
	var $_mcrypt_cipher;
	var $_mcrypt_mode;
	
	/**
	 * Constructor
	 *
	 * Simply determines whether the mcrypt library exists.
	 *
	 */
	public function __construct() {
		$this->CI = & get_instance ();
		$this->_mcrypt_exists = (! function_exists ( 'mcrypt_encrypt' )) ? FALSE : TRUE;
		log_message ( 'debug', "Encrypt Class Initialized" );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Fetch the encryption key
	 *
	 * Returns it as MD5 in order to have an exact-length 128 bit key.
	 * Mcrypt is sensitive to keys that are not the correct length
	 *
	 * @access	public
	 * @param	string
	 * @return	string
	 */
	function get_key($key = '') {
		if ($key == '') {
			if ($this->encryption_key != '') {
				return $this->encryption_key;
			}
			
			$CI = & get_instance ();
			$key = $CI->config->item ( 'encryption_key' );
			
			if ($key == FALSE) {
				show_error ( 'In order to use the encryption class requires that you set an encryption key in your config file.' );
			}
		}
		
		return md5 ( $key );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Set the encryption key
	 *
	 * @access	public
	 * @param	string
	 * @return	void
	 */
	function set_key($key = '') {
		$this->encryption_key = $key;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Encode
	 *
	 * Encodes the message string using bitwise XOR encoding.
	 * The key is combined with a random hash, and then it
	 * too gets converted using XOR. The whole thing is then run
	 * through mcrypt (if supported) using the randomized key.
	 * The end result is a double-encrypted message string
	 * that is randomized with each call to this function,
	 * even if the supplied message and key are the same.
	 *
	 * @access	public
	 * @param	string	the string to encode
	 * @param	string	the key
	 * @return	string
	 */
	function encode($string, $key = '') {
		$key = $this->get_key ( $key );
		
		if ($this->_mcrypt_exists === TRUE) {
			$enc = $this->mcrypt_encode ( $string, $key );
		} else {
			$enc = $this->_xor_encode ( $string, $key );
		}
		
		return base64_encode ( $enc );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Decode
	 *
	 * Reverses the above process
	 *
	 * @access	public
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function decode($string, $key = '') {
		$key = $this->get_key ( $key );
		
		if (preg_match ( '/[^a-zA-Z0-9\/\+=]/', $string )) {
			return FALSE;
		}
		
		$dec = base64_decode ( $string );
		
		if ($this->_mcrypt_exists === TRUE) {
			if (($dec = $this->mcrypt_decode ( $dec, $key )) === FALSE) {
				return FALSE;
			}
		} else {
			$dec = $this->_xor_decode ( $dec, $key );
		}
		
		return $dec;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Encode from Legacy
	 *
	 * Takes an encoded string from the original Encryption class algorithms and
	 * returns a newly encoded string using the improved method added in 2.0.0
	 * This allows for backwards compatibility and a method to transition to the
	 * new encryption algorithms.
	 *
	 * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption
	 *
	 * @access	public
	 * @param	string
	 * @param	int		(mcrypt mode constant)
	 * @param	string
	 * @return	string
	 */
	function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') {
		if ($this->_mcrypt_exists === FALSE) {
			log_message ( 'error', 'Encoding from legacy is available only when Mcrypt is in use.' );
			return FALSE;
		}
		
		// decode it first
		// set mode temporarily to what it was when string was encoded with the legacy
		// algorithm - typically MCRYPT_MODE_ECB
		$current_mode = $this->_get_mode ();
		$this->set_mode ( $legacy_mode );
		
		$key = $this->get_key ( $key );
		
		if (preg_match ( '/[^a-zA-Z0-9\/\+=]/', $string )) {
			return FALSE;
		}
		
		$dec = base64_decode ( $string );
		
		if (($dec = $this->mcrypt_decode ( $dec, $key )) === FALSE) {
			return FALSE;
		}
		
		$dec = $this->_xor_decode ( $dec, $key );
		
		// set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC
		$this->set_mode ( $current_mode );
		
		// and re-encode
		return base64_encode ( $this->mcrypt_encode ( $dec, $key ) );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * XOR Encode
	 *
	 * Takes a plain-text string and key as input and generates an
	 * encoded bit-string using XOR
	 *
	 * @access	private
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function _xor_encode($string, $key) {
		$rand = '';
		while ( strlen ( $rand ) < 32 ) {
			$rand .= mt_rand ( 0, mt_getrandmax () );
		}
		
		$rand = $this->hash ( $rand );
		
		$enc = '';
		for($i = 0; $i < strlen ( $string ); $i ++) {
			$enc .= substr ( $rand, ($i % strlen ( $rand )), 1 ) . (substr ( $rand, ($i % strlen ( $rand )), 1 ) ^ substr ( $string, $i, 1 ));
		}
		
		return $this->_xor_merge ( $enc, $key );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * XOR Decode
	 *
	 * Takes an encoded string and key as input and generates the
	 * plain-text original message
	 *
	 * @access	private
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function _xor_decode($string, $key) {
		$string = $this->_xor_merge ( $string, $key );
		
		$dec = '';
		for($i = 0; $i < strlen ( $string ); $i ++) {
			$dec .= (substr ( $string, $i ++, 1 ) ^ substr ( $string, $i, 1 ));
		}
		
		return $dec;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * XOR key + string Combiner
	 *
	 * Takes a string and key as input and computes the difference using XOR
	 *
	 * @access	private
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function _xor_merge($string, $key) {
		$hash = $this->hash ( $key );
		$str = '';
		for($i = 0; $i < strlen ( $string ); $i ++) {
			$str .= substr ( $string, $i, 1 ) ^ substr ( $hash, ($i % strlen ( $hash )), 1 );
		}
		
		return $str;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Encrypt using Mcrypt
	 *
	 * @access	public
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function mcrypt_encode($data, $key) {
		$init_size = mcrypt_get_iv_size ( $this->_get_cipher (), $this->_get_mode () );
		$init_vect = mcrypt_create_iv ( $init_size, MCRYPT_RAND );
		return $this->_add_cipher_noise ( $init_vect . mcrypt_encrypt ( $this->_get_cipher (), $key, $data, $this->_get_mode (), $init_vect ), $key );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Decrypt using Mcrypt
	 *
	 * @access	public
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function mcrypt_decode($data, $key) {
		$data = $this->_remove_cipher_noise ( $data, $key );
		$init_size = mcrypt_get_iv_size ( $this->_get_cipher (), $this->_get_mode () );
		
		if ($init_size > strlen ( $data )) {
			return FALSE;
		}
		
		$init_vect = substr ( $data, 0, $init_size );
		$data = substr ( $data, $init_size );
		return rtrim ( mcrypt_decrypt ( $this->_get_cipher (), $key, $data, $this->_get_mode (), $init_vect ), "\0" );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Adds permuted noise to the IV + encrypted data to protect
	 * against Man-in-the-middle attacks on CBC mode ciphers
	 * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
	 *
	 * Function description
	 *
	 * @access	private
	 * @param	string
	 * @param	string
	 * @return	string
	 */
	function _add_cipher_noise($data, $key) {
		$keyhash = $this->hash ( $key );
		$keylen = strlen ( $keyhash );
		$str = '';
		
		for($i = 0, $j = 0, $len = strlen ( $data ); $i < $len; ++ $i, ++ $j) {
			if ($j >= $keylen) {
				$j = 0;
			}
			
			$str .= chr ( (ord ( $data [$i] ) + ord ( $keyhash [$j] )) % 256 );
		}
		
		return $str;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Removes permuted noise from the IV + encrypted data, reversing
	 * _add_cipher_noise()
	 *
	 * Function description
	 *
	 * @access	public
	 * @param	type
	 * @return	type
	 */
	function _remove_cipher_noise($data, $key) {
		$keyhash = $this->hash ( $key );
		$keylen = strlen ( $keyhash );
		$str = '';
		
		for($i = 0, $j = 0, $len = strlen ( $data ); $i < $len; ++ $i, ++ $j) {
			if ($j >= $keylen) {
				$j = 0;
			}
			
			$temp = ord ( $data [$i] ) - ord ( $keyhash [$j] );
			
			if ($temp < 0) {
				$temp = $temp + 256;
			}
			
			$str .= chr ( $temp );
		}
		
		return $str;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Set the Mcrypt Cipher
	 *
	 * @access	public
	 * @param	constant
	 * @return	string
	 */
	function set_cipher($cipher) {
		$this->_mcrypt_cipher = $cipher;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Set the Mcrypt Mode
	 *
	 * @access	public
	 * @param	constant
	 * @return	string
	 */
	function set_mode($mode) {
		$this->_mcrypt_mode = $mode;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Get Mcrypt cipher Value
	 *
	 * @access	private
	 * @return	string
	 */
	function _get_cipher() {
		if ($this->_mcrypt_cipher == '') {
			$this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
		}
		
		return $this->_mcrypt_cipher;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Get Mcrypt Mode Value
	 *
	 * @access	private
	 * @return	string
	 */
	function _get_mode() {
		if ($this->_mcrypt_mode == '') {
			$this->_mcrypt_mode = MCRYPT_MODE_CBC;
		}
		
		return $this->_mcrypt_mode;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Set the Hash type
	 *
	 * @access	public
	 * @param	string
	 * @return	string
	 */
	function set_hash($type = 'sha1') {
		$this->_hash_type = ($type != 'sha1' and $type != 'md5') ? 'sha1' : $type;
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Hash encode a string
	 *
	 * @access	public
	 * @param	string
	 * @return	string
	 */
	function hash($str) {
		return ($this->_hash_type == 'sha1') ? $this->sha1 ( $str ) : md5 ( $str );
	}
	
	// --------------------------------------------------------------------
	

	/**
	 * Generate an SHA1 Hash
	 *
	 * @access	public
	 * @param	string
	 * @return	string
	 */
	function sha1($str) {
		if (! function_exists ( 'sha1' )) {
			if (! function_exists ( 'mhash' )) {
				require_once (BASEPATH . 'libraries/Sha1.php');
				$SH = new CI_SHA ();
				return $SH->generate ( $str );
			} else {
				return bin2hex ( mhash ( MHASH_SHA1, $str ) );
			}
		} else {
			return sha1 ( $str );
		}
	}

}

// END CI_Encrypt class

/* End of file Encrypt.php */
/* Location: ./system/libraries/Encrypt.php */